General

Target: TwentyApp.exe
Size: 3.3MB
Sample: 230327-qmblwaff7t
MD5: 5e2b1df5effbe5123eeff6752af2ca59
SHA1: 2e1597b42c40155aa4f56ed708ea4aeb2a5d8698
SHA256: cd5d681f249663dde55b694693ead4e63ff1d626e5db57975aeaa41e65205c37
SHA512: e1ce42dbea6940dbf883ba32f4e934dce2803606a3109369ddfc9cf47e89d82f4f6fcb1854a0745a0e4cb0ad1e095627f35c03a06fa5f42693638039b58698c2
SSDEEP: 98304:mZgO4UAJkCxZt3e0Y6qRlp5CNMqMDstLS7cqjAny:mZg3JlB3gXRlpkMqUM6cqjo
Behavioral tasks

behavioral1
  Sample: TwentyApp.exe
  Resource: win7-20230220-en

behavioral2
  Sample: TwentyApp.exe
  Resource: win10v2004-20230220-en
Malware Config

Targets

Target: TwentyApp.exe
Size: 3.3MB
MD5: 5e2b1df5effbe5123eeff6752af2ca59
SHA1: 2e1597b42c40155aa4f56ed708ea4aeb2a5d8698
SHA256: cd5d681f249663dde55b694693ead4e63ff1d626e5db57975aeaa41e65205c37
SHA512: e1ce42dbea6940dbf883ba32f4e934dce2803606a3109369ddfc9cf47e89d82f4f6fcb1854a0745a0e4cb0ad1e095627f35c03a06fa5f42693638039b58698c2
SSDEEP: 98304:mZgO4UAJkCxZt3e0Y6qRlp5CNMqMDstLS7cqjAny:mZg3JlB3gXRlpkMqUM6cqjo
Score: 9/10

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Sets desktop wallpaper using registry
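The signatures above are triggered by a handful of well-known registry locations: the VirtualBox ACPI table keys under HKLM\HARDWARE\ACPI, the firmware strings under HKLM\HARDWARE\DESCRIPTION\System, the configured region under HKCU\Control Panel\International\Geo, and the Wallpaper value under HKCU\Control Panel\Desktop. The script below is an added example, not part of this report and not the sandbox's own detection logic: it classifies registry events from a Procmon-style trace into the same signature categories. The trace lines are constructed for illustration and are not taken from this sample's run; the event format (process|operation|path|value) is an assumption of the example.

```python
"""Classify registry activity from a process-monitor trace into the
sandbox-signature categories listed in the report above.

Added example (not the report's or the sandbox's code).  SAMPLE_EVENTS is a
constructed Procmon-style trace; the registry paths in RULES are the
well-known Windows locations these behaviours touch.
"""
import re
from dataclasses import dataclass

# Constructed trace, one event per line: process|operation|path|value.
SAMPLE_EVENTS = r"""
TwentyApp.exe|RegOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__|
TwentyApp.exe|RegOpenKey|HKLM\HARDWARE\ACPI\FADT\VBOX__|
TwentyApp.exe|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer|
TwentyApp.exe|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName|
TwentyApp.exe|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion|
TwentyApp.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation|
TwentyApp.exe|RegSetValue|HKCU\Control Panel\Desktop\Wallpaper|C:\Users\Public\wall.bmp
explorer.exe|RegQueryValue|HKCU\Control Panel\Desktop\Wallpaper|
"""


@dataclass(frozen=True)
class Rule:
    name: str            # signature string as the report prints it
    ops: frozenset       # registry operations that count as a hit
    pattern: re.Pattern  # matched against the full registry path


RULES = [
    # On real hardware these keys do not exist; the attempt to open them is
    # the indicator, regardless of whether the open succeeds.
    Rule("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
         frozenset({"RegOpenKey", "RegQueryValue"}),
         re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    # Firmware vendor/product strings reveal VMware, VirtualBox, QEMU, etc.
    Rule("Checks BIOS information in registry",
         frozenset({"RegQueryValue"}),
         re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                    r"(BIOS\\(SystemManufacturer|SystemProductName|BIOSVendor|BIOSVersion)"
                    r"|SystemBiosVersion|VideoBiosVersion)$", re.I)),
    # Nation holds the GeoID of the configured region; read to geofence.
    Rule("Checks computer location settings",
         frozenset({"RegQueryValue"}),
         re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    # Only a write counts: explorer.exe reads this value during normal use.
    Rule("Sets desktop wallpaper using registry",
         frozenset({"RegSetValue"}),
         re.compile(r"^HKCU\\Control Panel\\Desktop\\Wallpaper$", re.I)),
]


def parse_events(trace: str):
    """Split the pipe-delimited trace into (process, op, path, value) tuples."""
    events = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        proc, op, path, value = line.split("|", 3)
        events.append((proc, op, path, value))
    return events


def match_signatures(trace: str, process: str):
    """Return {signature_name: [matching paths]} for one process."""
    hits = {}
    for proc, op, path, _value in parse_events(trace):
        if proc.lower() != process.lower():
            continue
        for rule in RULES:
            if op in rule.ops and rule.pattern.search(path):
                hits.setdefault(rule.name, []).append(path)
    return hits


if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_EVENTS, "TwentyApp.exe").items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

The operation filter matters as much as the path: reads of the Wallpaper value are routine (explorer.exe does it), so only RegSetValue is scored, while for the VBOX__ ACPI keys the open attempt itself is the tell because those keys are absent on physical hosts.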